Issue No. 07 - July (1998 vol. 47)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/12.709375
<p><b>Abstract</b>—Exponentiation may be performed faster than the traditional square and multiply method by iteratively reducing the exponent modulo numbers which, as exponents themselves, require few multiplications. This mainly includes those with few nonzero bits. For a suitable choice of such divisors, the resulting mixed basis representation of the exponent reduces the expected number of nonsquaring multiplications by over half at the cost of a single extra register. Preprocessing effort depends entirely on the exponent and can be kept down to the work saved in a single exponentiation. Moreover, no precomputed look-up tables are required, so the method is especially applicable where space is at a premium. In particular, it outperforms the instance of the <it>m</it>-ary method which uses the same space. However, for 512-bit exponents, it beats every instance of the <it>m</it>-ary method, achieving well under 635 multiplications on average. Both hardware and software implementations of the RSA crypto-system can benefit from this algorithm.</p>
Modular exponentiation, bit recoding, RSA cryptosystem, addition chains, m-ary method, mixed basis arithmetic, radix representation.
C. D. Walter, "Exponentiation Using Division Chains," in IEEE Transactions on Computers, vol. 47, no. , pp. 757-765, 1998.